Re: Proposal: Support custom authentication methods using hooks,Re: Proposal: Support custom authentication methods using hooks

Поиск
Список
Период
Сортировка
От Tatsuo Ishii
Тема Re: Proposal: Support custom authentication methods using hooks,Re: Proposal: Support custom authentication methods using hooks
Дата
Msg-id 20220303.100136.386974761629697042.t-ishii@sranhm.sra.co.jp
обсуждение исходный текст
Ответ на Re: Proposal: Support custom authentication methods using hooks  ("Jonathan S. Katz" <jkatz@postgresql.org>)
Ответы Re: Proposal: Support custom authentication methods using hooks,Re: Proposal: Support custom authentication methods using hooks  (Stephen Frost <sfrost@snowman.net>)
Список pgsql-hackers
Дерево обсуждения 
> On 2/25/22 12:39 PM, Tom Lane wrote:
>> Jeff Davis <pgsql@j-davis.com> writes:
>>> On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
>>>> ... and, since we can't readily enforce that the client only sends
>>>> those cleartext passwords over suitably-encrypted connections, this
>>>> could easily be a net negative for security.  Not sure that I think
>>>> it's a good idea.
>> 
>>> I don't understand your point. Can't you just use "hostssl" rather
>>> than
>>> "host"?
>> My point is that sending cleartext passwords over the wire is an
>> insecure-by-definition protocol that we shouldn't be encouraging
>> more use of.
> 
> This is my general feeling as well. We just spent a bunch of effort
> adding, refining, and making SCRAM the default method. I think doing
> anything that would drive more use of sending plaintext passwords,
> even over TLS, is counter to that.

There's at least one use case to use plaintext passwords. Pgpool-II
accepts plaintext passwords from frontend (from frontend's point of
view, it looks as if the frontend speaks with PostgreSQL server which
requests the plaintext password authentication), then negotiates with
backends regarding authentication method they demand. Suppose we have
2 PostgreSQL clusters and they require md5 auth. They send different
password encryption salt and Pgpool-II deal with each server using the
salt and password. So Pgpool-II needs plaintext password.  Same thing
can be said to SCRAM-SHA-256 authentication because it's kind of
challenge/response based authentication.

Actually it is possible for Pgpool-II to not use plaintext passwords
reading from frontend. In this case passwords are stored in a file and
Pgpool-II reads passwords from the file. But this is annoying for
users because they have to sync the passwords stored in PostgreSQL
with the passwords stored in the file.

So, dropping plaintext password authentication support from libpq will
make it impossible for users to use the former method.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Peter Smith
Дата:
Сообщение: Re: PG DOCS - logical replication filtering
Следующее
От: Melanie Plageman
Дата:
Сообщение: Why do spgbuildempty(), btbuildempty(), and blbuildempty() use smgrwrite()?